import "elf"

rule enterpriseunix2 {
  meta:
    author = "Tim Brown @timb_machine"
    description = "Hunts for enterprise UNIX binaries"
  strings:
    $aix = "aix" nocase
    $solaris = "solaris" nocase
    $hpux = "hpux" nocase
    $libca = "libc.a"
    $text = ".text"
    $data = ".data"
  condition:
    ($aix or $solaris or $hpux) and ((elf.number_of_sections >= 1) or ($libca and $text and $data))
}
